More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date.
Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them. The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ryanair links Booking.com to cyber-attack on its payment system
December 21, 2023
Ryanair has claimed that internet travel giant Booking.com is partly responsible for a recent “malicious attack” on the airline’s payment processing platform. Lawyers for Booking.com had described the allegation of a cyber-attack as “baseless” and “far-fetched”. “The allegations are baseless and refuted by Booking Holdings and Booking.com,” added a spokesperson for the group. Read more… Source: MSN News
- Why Is an Australian Footballer Collecting My Passwords?
December 20, 2023
Unit 42 researchers have observed threat actors using malicious JavaScript samples to steal sensitive information by abusing popular survey sites, low-quality hosting and web chat APIs. In some campaigns, attackers created chatbots that they registered to someone noteworthy such as an Australian footballer. Other malware campaigns they saw included both web skimmers injected into compromised sites ...
- Here’s Why You’ll Hear About a Lot More Data Breaches in 2024
December 20, 2023
Cybersecurity incidents are constantly in the news these days, but you’ll soon be hearing about a lot more of them. That’s because a new rule from the Securities and Exchange Commission went into effect on Monday, requiring all public companies to report data breaches in just four days. The new SEC rule requires public companies to ...
- Former Chelsea player Rati Aleksidze arrested in Germany for ‘gang-related investment fraud’
December 20, 2023
A former Chelsea striker played a possible minor role in a global investment crime gang, according to prosecutors investigating a cyber scam worth “billions”. Rati Aleksidze was temporarily held under a European arrest warrant in March. German prosecutors told Telegraph Sport he is suspected of playing “at most” a minor role in the Tbilisi-based conspiracy accused of ...
- Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla
December 19, 2023
First discovered in 2014, Agent Tesla is an advanced keylogger with features like clipboard logging, screen keylogging, screen capturing, and extracting stored passwords from different web browsers. Recently, Zscaler ThreatLabz detected a threat campaign where threat actors leverage CVE-2017-11882 XLAM to spread Agent Tesla to users on vulnerable versions of Microsoft Office. The CVE-2017-11882 vulnerability is ...
- Operation HAECHI IV: USD 300 million seized and 3,500 suspects arrested in international financial crime operation
December 19, 2023
LYON, FRANCE – A transcontinental police operation against online financial crime has concluded with almost 3,500 arrests and seizures of USD 300 million (approx. EUR 273 million) worth of assets across 34 countries. The six-month Operation HAECHI IV (July-December 2023) targeted seven types of cyber-enabled scams: voice phishing, romance scams, online sextortion, investment fraud, money laundering ...